Should you consider encrypting your drive on general principles? If you are, then TrueCrypt is an excellent tool that's pretty easy to use (if you follow the whole drive encryption wizard and aren't hyper-paranoid.) It's easy to encrypt, it's easy to decrypt later if you change your mind. The performance hit is minimal on a modern system.

Should you be paranoid about crossing the border? Doubtful. Dude, you're not going to Iran...

Yeah, that's kind of what I was getting at. Many folks seem to think that thieves are stealing laptops to try and find bank info and such. While that's possible, it's not the norm. Typically, they want to sell the laptop as a laptop, not try and steal what little bit of financial info may be on the drive. Now, if you're a financial adviser, an attorney or other professional with client data on it then yeah, you should be encrypting that drive. That's a wholly different thread, though.

Should you consider encrypting your drive on general principles? If you are, then TrueCrypt is an excellent tool that's pretty easy to use (if you follow the whole drive encryption wizard and aren't hyper-paranoid.) It's easy to encrypt, it's easy to decrypt later if you change your mind. The performance hit is minimal on a modern system.

Should you be paranoid about crossing the border? Doubtful. Dude, you're not going to Iran...

You should. Because the country you are travelling to may differ significantly from the one you live in.

I would encrypt anything and everything. Even if you don't store any sensitive information like bank cards, you still visit internet pages, your browser stores web history (or you might have saved some passwords in it and forget about it). Finally, there may be photos of yours or your family members on your computer.

The best way to protect oneself against risk is to eliminate the very possibility of bad things happening (in this case protecting means turning your laptop into a useless piece of hardware if it gets into wrong hands).

You should. Because the country you are travelling to may differ significantly from the one you live in.

I work in a reality where paranoia is justified, and encryption a commonplace annoyance. There are lots of general purpose reasons why it's reasonable to use when the barrier to entry is so low.

Should a Canadian give into the fear that crossing into the States is somehow like crossing into a North Korea-like nightmare of seizures, searches and anal probes? No, but that's not really a technical question with a technical solution.

I work in a reality where paranoia is justified, and encryption a commonplace annoyance. There are lots of general purpose reasons why it's reasonable to use when the barrier to entry is so low.

Typing a password when I turn on my laptop is not much of an annoyance to me.

Quote:

Should a Canadian give into the fear that crossing into the States is somehow like crossing into a North Korea-like nightmare of seizures, searches and anal probes? No, but that's not really a technical question with a technical solution.

My point is that if you want to be 100% sure you avoid an unpleasant situation you must eliminate the very possibility of it to happen. Otherwise, the situation (in this case - an unencrypted laptop) is not 100% safe by definition.

I work in a reality where paranoia is justified, and encryption a commonplace annoyance. There are lots of general purpose reasons why it's reasonable to use when the barrier to entry is so low.

Typing a password when I turn on my laptop is not much of an annoyance to me.

Quote:

Should a Canadian give into the fear that crossing into the States is somehow like crossing into a North Korea-like nightmare of seizures, searches and anal probes? No, but that's not really a technical question with a technical solution.

My point is that if you want to be 100% sure you avoid an unpleasant situation you must eliminate the very possibility of it to happen. Otherwise, the situation (in this case - an unencrypted laptop) is not 100% safe by definition.

Nothing is 100% safe. If anyone wants your data real bad, he'll get it. Put a gun to your head and you'll open that armored vault in a nanosecond. Conversely, since it's not 100% safe to go out and walk around, one should avoid this experience altogether, and live underneath a bed with a flashlight and a copy of Ivanhoe.

If your data is so precious why would you want keeping it on your laptop rather than in a secured data center?

Yeah, put that stuff on the network, so it's easier to get your data from ANYWHERE

Encryption is a reasonable step. Be sure the system is powered fully off if you suspect that you're going to get into a dangerous situation. Truecrypt is a good tool for encryption and the pain factor is lower than many other solutions.

That's really all there is to it.

You can get really nutty and do things like asynchronous encryption where you drop data into an encrypted store but the decryption key doesn't exist on the same device or create a hidden encrypted file or partition within an encrypted partition, etc. but you're not going to get attacked by a Three Letter Acronym for personal data. The point is to guard yourself against garden variety theft, identity theft, etc.

Nothing is 100% safe. If anyone wants your data real bad, he'll get it. Put a gun to your head and you'll open that armored vault in a nanosecond.

If your data is so precious why would you want keeping it on your laptop rather than in a secured data center?

Quote:

Conversely, since it's not 100% safe to go out and walk around, one should avoid this experience altogether, and live underneath a bed with a flashlight and a copy of Ivanhoe.

So one can skip fastening himself and his kids in their car when driving. It's not "100% safe" anyway, so why bother.

If your data is stored in a secure location, why bother encrypting it? Notice that I am not against encryption, which I use for certain folders, not the entire volume though.

My comment about "100% safe" was directed towards your own comment that by encrypting a volume said volume would be safe from prying eyes. To the point, all you can do is work the percentages. Like in your flawed car analogy and the seat belts. I am sure you could find plenty of instances where being strapped to a seat belt was not helpful, quite the contrary. It's just that using a seat belt will reduce the percentages of a serious injury when you look at the big picture. Likewise, encrypting a volume will only keep those not truly interested in the contents away.

A laptop containing trivial data and travelling through the "civilized world" is perfectly alright. Everywhere I go, my laptop comes with me, and I have yet to encounter any sort of nasty consequences due to the fact that I keep my volume unencrypted. What I do encrypt are copies of emails (for example), friends pics, etc. Nothing earth shattering. For someone with non crucial data I would not recommend full encryption. I have seen the occasional "user locked out from his box" scenario. SOL 100%.

Should a Canadian give into the fear that crossing into the States is somehow like crossing into a North Korea-like nightmare of seizures, searches and anal probes? No, but that's not really a technical question with a technical solution.

I'm a Canadian who crosses into the States regularly to pick up packages from a PO box. I don't take phones or laptops with me any more, because of the number of times they've been searched through with a fine toothed comb. I have nothing to hide and no criminal record, yet I still always get "randomly" selected for an exhaustive multi-hour search. Since I've stopped taking electronics with me, the number of times, and the duration of, searches have decreased.

Should a Canadian give into the fear that crossing into the States is somehow like crossing into a North Korea-like nightmare of seizures, searches and anal probes? No, but that's not really a technical question with a technical solution.

I'm a Canadian who crosses into the States regularly to pick up packages from a PO box. I don't take phones or laptops with me any more, because of the number of times they've been searched through with a fine toothed comb. I have nothing to hide and no criminal record, yet I still always get "randomly" selected for an exhaustive multi-hour search. Since I've stopped taking electronics with me, the number of times, and the duration of, searches have decreased.

Just noting that the folks who smuggle data across borders and such do not have criminal records. In fact, they usually don't even have parking tickets.

My comment about "100% safe" was directed towards your own comment that by encrypting a volume said volume would be safe from prying eyes. To the point, all you can do is work the percentages.

Never met a customs officer or a cop able to decrypt/brute-force AES-encrypted hard drive without a password. I'll be cautious from now on.

Quote:

Like in your flawed car analogy and the seat belts. I am sure you could find plenty of instances where being strapped to a seat belt was not helpful, quite the contrary. It's just that using a seat belt will reduce the percentages of a serious injury when you look at the big picture. Likewise, encrypting a volume will only keep those not truly interested in the contents away.

I didn't say that a seat belt was a 100% safety measure. Did I?

Quote:

A laptop containing trivial data and travelling through the "civilized world" is perfectly alright.

It is all right, but not perfectly. With added encryption, however, it will be perfectly all right, yes.

Quote:

Everywhere I go, my laptop comes with me, and I have yet to encounter any sort of nasty consequences due to the fact that I keep my volume unencrypted. What I do encrypt are copies of emails (for example), friends pics, etc. Nothing earth shattering. For someone with non crucial data I would not recommend full encryption. I have seen the occasional "user locked out from his box" scenario. SOL 100%.

Isn't it contradictory? You said earlier there was nothing 100% certain. Not it seems like there is.

My comment about "100% safe" was directed towards your own comment that by encrypting a volume said volume would be safe from prying eyes. To the point, all you can do is work the percentages.

Never met a customs officer or a cop able to decrypt/brute-force AES-encrypted hard drive without a password. I'll be cautious from now on.

Quote:

Like in your flawed car analogy and the seat belts. I am sure you could find plenty of instances where being strapped to a seat belt was not helpful, quite the contrary. It's just that using a seat belt will reduce the percentages of a serious injury when you look at the big picture. Likewise, encrypting a volume will only keep those not truly interested in the contents away.

I didn't say that a seat belt was a 100% safety measure. Did I?

Quote:

A laptop containing trivial data and travelling through the "civilized world" is perfectly alright.

roper reIt is all right, but not perfectly. With added encryption, however, it will be perfectly all right, yes.

Quote:

Everywhere I go, my laptop comes with me, and I have yet to encounter any sort of nasty consequences due to the fact that I keep my volume unencrypted. What I do encrypt are copies of emails (for example), friends pics, etc. Nothing earth shattering. For someone with non crucial data I would not recommend full encryption. I have seen the occasional "user locked out from his box" scenario. SOL 100%.

Isn't it contradictory? You said earlier there was nothing 100% certain. Not it seems like there is.

The point is that "being alright" is perfectly fine. As I said, I've seen people 100% SOL due to the lock. Yes, absolute proof and certainty applies to alcohol and Murphy's Law. When you are SOL, by definition you are 100% SOL. Not worth the trouble IMO. Let's put it this way, I'd recommend encryption if/when I know the user will take the precautions to be in possession of his/her data. If I don't know this one way or the other, I usually recommend against it. The SOL factor at play again.

My two-cents-worth: I keep sensitive/personal information on my laptop in an encrypted TrueCrypt 4Gb drive - that way I have a single smallish (4Gb) file I can easily copy and backup elsewhere. Bank passwords etc are stored in a Password Safe database.

I don't bother encrypting the entire drive, as 99% of the stuff on there isn't sensitive, and I've always been a bit twitchy about encrypting the entire HD.

For trips abroad, I also make a small truecrypt container and put my bank password database, insurance docs and scans of my family's passport photos in it, then I email the container to myself at Gmail.

That way, if I lose EVERYTHING, I can buy (or steal) a new laptop, download the container onto it, install Truecrypt and Password Safe and recover the info to wave in front of the consulate.

The point is that "being alright" is perfectly fine. As I said, I've seen people 100% SOL due to the lock. Yes, absolute proof and certainty applies to alcohol and Murphy's Law. When you are SOL, by definition you are 100% SOL. Not worth the trouble IMO. Let's put it this way, I'd recommend encryption if/when I know the user will take the precautions to be in possession of his/her data. If I don't know this one way or the other, I usually recommend against it. The SOL factor at play again.

Honestly, I don't have that much experience with alcohol. Neither do I have that many episodes in my life that would qualify as SOL (probably because I don't consume alcohol in the first place). So I totally rely on your experience in this matter

As for the subject at hand, I'm afraid that excessive use of alcohol might lead to partial amnesia of sorts. And because without the password you won't be able to decrypt your drive, then of course you should avoid encrypting it so as not to get into "SOL" one day.

The point is that "being alright" is perfectly fine. As I said, I've seen people 100% SOL due to the lock. Yes, absolute proof and certainty applies to alcohol and Murphy's Law. When you are SOL, by definition you are 100% SOL. Not worth the trouble IMO. Let's put it this way, I'd recommend encryption if/when I know the user will take the precautions to be in possession of his/her data. If I don't know this one way or the other, I usually recommend against it. The SOL factor at play again.

Honestly, I don't have that much experience with alcohol. Neither do I have that many episodes in my life that would qualify as SOL (probably because I don't consume alcohol in the first place). So I totally rely on your experience in this matter

As for the subject at hand, I'm afraid that excessive use of alcohol might lead to partial amnesia of sorts. And because without the password you won't be able to decrypt your drive, then of course you should avoid encrypting it so as not to get into "SOL" one day.

Yeah, I don't drink either. What I meant is that for absolute proof and certainty you only got alcohol (and SOL), the rest is best approximation. As I said, if the user is reliable in terms of storing/remembering his/her password, then encryption is cool. I do, however, just encrypt the one folder (and subfolders) where I keep private enough data that I wouldn't want to be spread around.

Should a Canadian give into the fear that crossing into the States is somehow like crossing into a North Korea-like nightmare of seizures, searches and anal probes? No, but that's not really a technical question with a technical solution.

For what it's worth, there's a... strong awareness, let us say, in the Canadian (and, AFAIK, Western European) business community that any data or equipment that is brought into or stored in the United States is at risk of being seized by the US government without any sort of warrant, due process, or legal basis whatsoever, possibly never to be returned. The Patriot Act is often cited in these discussions, as is, on occasion, the Megaupload situation.

I'm not a legal scholar, so I can't comment on the accuracy of these fears, but they're fairly widespread, and new business models (cloud services that guarantee your data won't pass through or reside in the USA) have started popping up to address these concerns. I've worked for several companies and government agencies where standard practice for travel to the States involved bringing a laptop with just the standard image and VPN client, and remoting back into the office to interact with any files/email we needed.

I wouldn't characterize the searches and seizures that many go through when traveling to the USA to be North Korea-like, but they're certainly more extreme than any other developed nation I can think of, save perhaps Israel.

I'm not a legal scholar, so I can't comment on the accuracy of these fears, but they're fairly widespread, and new business models (cloud services that guarantee your data won't pass through or reside in the USA) have started popping up to address these concerns. I've worked for several companies and government agencies where standard practice for travel to the States involved bringing a laptop with just the standard image and VPN client, and remoting back into the office to interact with any files/email we needed.

I wouldn't characterize the searches and seizures that many go through when traveling to the USA to be North Korea-like, but they're certainly more extreme than any other developed nation I can think of, save perhaps Israel.

Travelling is risky. Especially if one doesn't know (or doesn't bother to research before the trip) the local customs and laws. For instance, in Singapore you can get hanged for 30g of coke or for discharging firearms in a public place.

I'm not a legal scholar, so I can't comment on the accuracy of these fears, but they're fairly widespread, and new business models (cloud services that guarantee your data won't pass through or reside in the USA) have started popping up to address these concerns. I've worked for several companies and government agencies where standard practice for travel to the States involved bringing a laptop with just the standard image and VPN client, and remoting back into the office to interact with any files/email we needed.

So they take the same precautions working in the U.S. as U.S. companies do when they work in China?

I'm not a legal scholar, so I can't comment on the accuracy of these fears, but they're fairly widespread, and new business models (cloud services that guarantee your data won't pass through or reside in the USA) have started popping up to address these concerns. I've worked for several companies and government agencies where standard practice for travel to the States involved bringing a laptop with just the standard image and VPN client, and remoting back into the office to interact with any files/email we needed.

So they take the same precautions working in the U.S. as U.S. companies do when they work in China?

Damn, that's kind of depressing.

Welcome to the real world. It's a pity, there are still people out there who think that not encrypting your laptop is perfectly all right and rely on their knowledge of "good" countries vs. "bad" countries.

I'm not a legal scholar, so I can't comment on the accuracy of these fears, but they're fairly widespread, and new business models (cloud services that guarantee your data won't pass through or reside in the USA) have started popping up to address these concerns. I've worked for several companies and government agencies where standard practice for travel to the States involved bringing a laptop with just the standard image and VPN client, and remoting back into the office to interact with any files/email we needed.

So they take the same precautions working in the U.S. as U.S. companies do when they work in China?

Damn, that's kind of depressing.

Welcome to the real world. It's a pity, there are still people out there who think that not encrypting your laptop is perfectly all right and rely on their knowledge of "good" countries vs. "bad" countries.

This is not quite accurate IMO. Having a dir + subfolders encrypted is enough. There's no need for an encrypted volume. Who gives a fuck about someone's aunt birthday picture? Better yet, use stenography and hide your encrypted folders inside an innocent looking home video, for example. I have travelled extensively, from the US to "insecure" locations, and I have never suffered any abuse from customs anywhere in this very real world.

Now of course, if I had a folder with incriminating data I would encrypt it and hide it. But then again, I would never carry damning evidence in my own laptop of all places. Paranoid people are easily spotted by customs' profilers, and they have their little fun at their expense. YMMV.

This is not quite accurate IMO. Having a dir + subfolders encrypted is enough. There's no need for an encrypted volume. Who gives a fuck about someone's aunt birthday picture? Better yet, use stenography and hide your encrypted folders inside an innocent looking home video, for example. I have travelled extensively, from the US to "insecure" locations, and I have never suffered any abuse from customs anywhere in this very real world.

Now of course, if I had a folder with incriminating data I would encrypt it and hide it. But then again, I would never carry damning evidence in my own laptop of all places. Paranoid people are easily spotted by customs' profilers, and they have their little fun at their expense. YMMV.

The reason why I would encrypt the whole drive is not because I have something incriminating there. It's just because it is PERSONAL information.

Letting someone to get into your personal folder (even if there's nothing more than just auntie's pictures) is like letting them put on your trousers without your consent.

It also allows you to experience the joy of being turned away at the border (possibly without your laptop) if you refuse to decrypt the machine upon request. If you're carrying something so important that this is an acceptable outcome, then alright, but in most scenarios you're better off with either a hidden encrypted partition or a plain vanilla install and remote access.

It also allows you to experience the joy of being turned away at the border (possibly without your laptop) if you refuse to decrypt the machine upon request. If you're carrying something so important that this is an acceptable outcome, then alright, but in most scenarios you're better off with either a hidden encrypted partition or a plain vanilla install and remote access.

It also allows you to experience the joy of being turned away at the border (possibly without your laptop) if you refuse to decrypt the machine upon request. If you're carrying something so important that this is an acceptable outcome, then alright, but in most scenarios you're better off with either a hidden encrypted partition or a plain vanilla install and remote access.

How's that different from my scenario where you encrypt a dir and hide it inside a video or such? I mean, if you are asked to show the contents of your encrypted volume at customs in X country's entry port, what's gonna be your course of action? Say no? Good luck there. Say yes, why bother encrypting anything then? The solution is to offer a vanilla install and use encryption + stenography. They'll never suspect it and you are just as safe without the possible downside of being asked to show the contents of the entire volume.

It also allows you to experience the joy of being turned away at the border (possibly without your laptop) if you refuse to decrypt the machine upon request. If you're carrying something so important that this is an acceptable outcome, then alright, but in most scenarios you're better off with either a hidden encrypted partition or a plain vanilla install and remote access.

How's that different from my scenario where you encrypt a dir and hide it inside a video or such?

HIDDEN encrypted volume. It does not show up. IIRC TrueCrypt's encryption also passes things like a chi squared for randomness of the encrypted data. There's no (easy) way to prove that there is anything on that empty part of the HDD at all.A hidden encrypted volume can hold an entire second OS.